lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 8 Jul 2021 12:33:47 +0800
From:   iLifetruth <yixiaonn@...il.com>
To:     Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     Qiang Liu <cyruscyliu@...il.com>, yajin@...kernel.org
Subject: crypto: prefix additional module autoloading with "crypto-"

Hi, in the latest version of linux kernel, we may have found some
additional incomplete fixed crypto-related modules related to
CVE-2013-7421.

==========
The upstream commit 5d26a105b5a7 ("crypto: prefix module autoloading
with "crypto-"")  provided the fixing patch for CVE-2013-7421 about 7
years ago on 2014-11-24.

This patch changed the automatic module loading when requesting crypto
algorithms to prefix all module requests with "crypto-", so we can
never run the risk of exposing module auto-loading to userspace via a
crypto API, as demonstrated by Mathias Krause:
        https://lkml.org/lkml/2013/3/4/70

=========
And the common fix pattern we found in each crypto-related module is as follows:
1. linux/drivers/crypto/padlock-aes.c
       -MODULE_ALIAS("aes");
       +MODULE_ALIAS_CRYPTO("aes");

or in another module:

2. linux/drivers/crypto/qat/qat_common/adf_ctl_drv.c
      -MODULE_ALIAS("intel_qat");
      +MODULE_ALIAS_CRYPTO("intel_qat");
...

==========
Even though commit 5d26a105b5a7 added those aliases for a large number
of modules,  it is still missing some newly added crypto-related
modules.
For example:
1. for file linux/drivers/crypto/amcc/crypto4xx_trng.c in line 129,
Module_ALIAS is used instead of MODULE_ALIAS_CRYPTO
           MODULE_ALIAS("ppc4xx_rng");
     In fact, ppc4xx-rng was integrated into crypto4xx on 2016-04-18
by commit 5343e674f32fb8, which was committed about 2 years later than
the security bug fixing patch(5d26a105b5a7) committed on 2014-11-24

More modules that may not have been fixed are as follows:
2. linux/crypto/crypto_user_base.c
        MODULE_ALIAS("net-pf-16-proto-21");
3. linux/drivers/crypto/mxs-dcp.c
        MODULE_ALIAS("platform:mxs-dcp");
4. linux/drivers/crypto/omap-sham.c
        MODULE_ALIAS("platform:omap-sham");
5. linux/drivers/crypto/qcom-rng.c
        MODULE_ALIAS("platform:" KBUILD_MODNAME);
6. linux/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-core.c
        MODULE_ALIAS("platform:sun4i-ss");
7. linux/drivers/crypto/marvell/cesa/cesa.c
        MODULE_ALIAS("platform:mv_crypto");
8. linux/drivers/crypto/qce/core.c
        MODULE_ALIAS("platform:" KBUILD_MODNAME);

==========
Now, shall we port the fix pattern to these modules from the patch of
CVE-2013-7421?
We would like to contact you to confirm this problem.

Thank you!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ